• Humanius@lemmy.world
    1 month ago

    It shouldn’t even be that complex…

    I might be mistaken, but ultimately a password manager is basically nothing more than a database of passwords in an encrypted zip file, right? That could entirely be self-hosted with off-the-shelf open source applications strung together.
    All you’d need is a nice UI stringing it all together.

    Edit: I’m not sure why people are downvoting me. Is that not what a password manager essentially is?

    • wintermute@discuss.tchncs.de
      1 month ago

      KeePass is exactly that. Basically all the client side parts, and the database is a single encrypted file that you can sync however you want.

    • LedgeDrop@lemm.ee
      1 month ago

      It’s the “stringing it all together” that could be problematic.

      If you have multiple clients (desktop/cellphone) modifying the same entry (or even different entries in the same “database”), you need something smart enough to gracefully handle this or at least tell you about it.

      I did the whole “syncing” KeePass and it was functional, but it also meant I needed to handle conflicts - which was annoying. I switched and really appreciate the whole “it just works” with self-hosted Bitwarden.

    • xthexder@l.sw0.com
      1 month ago

      I’ve done basically this in the past by encrypting a text file with GPG. But a real password manager will integrate with your browser and help prevent getting phished by verifying the domain before entering a password. It also syncs across all my devices, whereas my GPG file only worked well on my desktop.